Protection against the Coinminer malware

What is CoinMiner malware?

Coinminers (also called cryptocurrency miners) are programs that generate Bitcoin, Monero, Ethereum, or other cryptocurrencies that are surging in popularity. When intentionally run for one's own benefit, they may prove a valuable source of income.

However, malware authors have created threats and viruses which use commonly-available mining software to take advantage of someone else's computing resources (CPU, GPU, RAM, network bandwidth, and power), without their knowledge or consent (i.e. cryptojacking).

What are the types of coin miners?

There are many different ways to force a computer or device to mine cryptocurrency. These are the three main types of miners:

Executables: These are typical malicious or Potentially Unwanted Application (PUA) executable files (.exe) placed on the computer and designed to mine cryptocurrencies.

Browser-based Cryptocurrency Miners: These JavaScript (or similar technology) miners perform their work in an Internet browser, consuming resources for as long as the browser remains open on the website. Some miners are used intentionally by the website owner in place of running ads (e.g. Coinhive), while others have been injected into legitimate website without the website owner's knowledge or consent.

Advanced Fileless Miners: Malware has emerged that performs its mining work in a computer's memory by mis-using legitimate tools like PowerShell. One example is MSH.Bluwimps, which carries out additional malicious acts in addition to mining.

How do I know if my device is being used for coin mining?

Coinminers run on various platforms, including:

Windows

Mac

Linux

Android

Internet of Things (IoT) devices

Norton products typically raise a warning when files related to coin mining are found, to bring them to your attention; though open-source and widely-used, mining software may be Potentially Unwanted Applications (PUA).